A C++/Asm template for PIC/EXE/DLL malware
☆24Aug 12, 2025Updated 7 months ago
Alternatives and similar repositories for Imperium
Users that are interested in Imperium are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- .NET port of Leron Gray's azbelt tool.☆26Sep 21, 2023Updated 2 years ago
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to…☆41Nov 4, 2025Updated 4 months ago
- Extra cmdlets to help with quering security related information from Azure☆14Sep 16, 2024Updated last year
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆79Jul 25, 2025Updated 7 months ago
- Command Augmentation support for BOFs and .NET assemblies across agents☆42Mar 17, 2026Updated last week
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- Executes Read/Write process memory with `NtQueryCompositionSurfaceStatistics`☆23Feb 10, 2024Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆17Mar 4, 2023Updated 3 years ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆140Aug 31, 2025Updated 6 months ago
- A pure C version of SymProcAddress☆30Mar 17, 2024Updated 2 years ago
- Repository to gather the .NET malware I will be developing☆18Mar 7, 2026Updated 2 weeks ago
- ☆59Feb 19, 2026Updated last month
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆85Aug 13, 2024Updated last year
- shell code example☆68Dec 12, 2025Updated 3 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- Finding Truth in the Shadows☆125Jan 26, 2023Updated 3 years ago
- Local SYSTEM auth trigger for relaying - X☆154Jul 23, 2025Updated 8 months ago
- Load various payload (DLL from memory, Exe, etc...) in a way to evade static analysis of Antivirus. It can fetch data from various method…☆15Updated this week
- ☆20Sep 6, 2025Updated 6 months ago
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆59Mar 17, 2025Updated last year
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 11 months ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 2 years ago
- Malware?☆77Oct 26, 2025Updated 4 months ago
- A hacky way of getting cross-arch/platform support in Cobalt Strike☆37Aug 31, 2025Updated 6 months ago
- A Windows PE loader / manual mapper for executables (x86 and x64) with full TLS (Thread Local Storage) support.☆91Oct 27, 2025Updated 4 months ago
- Mass target enumeration☆32Apr 3, 2021Updated 4 years ago
- A dotnet executable to get an Entra token in an authenticated runtime☆17Oct 30, 2024Updated last year
- A simple parser(library) which extracts shimcache data from windows.☆15May 20, 2019Updated 6 years ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆105Feb 25, 2025Updated last year
- Divulge Stealer a highly advanced info-stealer that outperforms its predecessor, Umbral-Stealer by Blank-c. This new iteration is a compl…☆16Jan 7, 2025Updated last year
- Encodes a payload within a generated mock-CSS file☆59Sep 18, 2023Updated 2 years ago
- Reports on Driver, LSASS and other security services mitigations☆34Aug 18, 2025Updated 7 months ago
- WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs☆18Aug 11, 2023Updated 2 years ago
- Collection of red team techniques.☆69Apr 25, 2025Updated 10 months ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 8 months ago
- Proxy function calls through the thread pool with ease☆31Feb 27, 2025Updated last year
- ☆42Feb 18, 2025Updated last year